onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 18:27:16 +01:00
Code Issues Releases Wiki Activity

* iptables.g (comment): see #2336 Importer for iptables recognizes

Browse Source 
version stored in the top comment by iptables-save and sets
version in the firewall object it creates.
This commit is contained in:
Vadim Kurland 2011-04-11 18:17:48 -07:00
parent aa4c661395
commit e9ffe7b67b
38 changed files with 2160 additions and 1082 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION
View File

@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3523"
BUILD_NUM="3524"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"

2
VERSION.h
View File

@ -1,2 +1,2 @@
#define VERSION "4.2.0.3523"
#define VERSION "4.2.0.3524"
#define GENERATION "4.2"

6
doc/ChangeLog
View File

@ -1,3 +1,9 @@
2011-04-11 vadim <vadim@netcitadel.com>
* iptables.g (comment): see #2336 Importer for iptables recognizes
version stored in the top comment by iptables-save and sets
version in the firewall object it creates.
2011-04-10 vadim <vadim@netcitadel.com>
* utils.cpp (expand_interface_with_phys_address): see #2324 "NAT +

2
packaging/fwbuilder-static-qt.spec
View File

@ -3,7 +3,7 @@
%define name fwbuilder
%define version 4.2.0.3523
%define version 4.2.0.3524
%define release 1
%if "%_vendor" == "MandrakeSoft"

2
packaging/fwbuilder.control
View File

@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 4.2.0.3523-1
Version: 4.2.0.3524-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers

2
packaging/fwbuilder.spec
View File

@ -1,6 +1,6 @@
%define name fwbuilder
%define version 4.2.0.3523
%define version 4.2.0.3524
%define release 1
%if "%_vendor" == "MandrakeSoft"

2
src/import/IOSImporterRun.cpp
View File

@ -99,6 +99,6 @@ void IOSImporter::run()
}
if (!err.isEmpty())
throw ImporterException(err.join("\n"));
*logger << err.join("\n").toUtf8().constData();
}

14
src/import/IPTImporter.cpp
View File

@ -58,6 +58,13 @@ extern int fwbdebug;
using namespace std;
using namespace libfwbuilder;
// TODO: this should move to some common library, together with
// getVersionsForPlatform() it uses. Currently these functions are
// defined in libgui/platforms.cpp
extern QString findBestVersionMatch(const QString &platform,
const QString &discovered_version);
IPTImporter::IPTImporter(FWObject *lib,
std::istringstream &input,
@ -1445,6 +1452,13 @@ Firewall* IPTImporter::finalize()
fw->setStr("host_OS", "linux24");
Resources::setDefaultTargetOptions("linux24" , fw);
fw->setStr("version", ""); // default version "any"
string version = findBestVersionMatch(
"iptables", discovered_version.c_str()).toStdString();
if ( ! version.empty())
fw->setStr("version", version);
fw->getManagementObject(); // creates management obj
FWOptions *fwopt = fw->getOptionsObject();

2
src/import/IPTImporterRun.cpp
View File

@ -143,6 +143,6 @@ void IPTImporter::run()
}
if (!err.isEmpty())
throw ImporterException(err.join("\n"));
*logger << err.join("\n").toUtf8().constData();
}

3
src/import/Importer.cpp
View File

@ -825,7 +825,8 @@ int Importer::countRules()
// This string is created in IPTImporter::getUnidirRuleSet()
string rs_index = it->first;
UnidirectionalRuleSet* rs = it->second;
n += rs->ruleset->getRuleSetSize();
if (rs->ruleset)
n += rs->ruleset->getRuleSetSize();
}
return n;
}

2
src/import/PIXImporterRun.cpp
View File

@ -142,6 +142,6 @@ void PIXImporter::run()
}
if (!err.isEmpty())
throw ImporterException(err.join("\n"));
*logger << err.join("\n").toUtf8().constData();
}

371
src/parsers/IPTCfgLexer.cpp
View File

@ -49,39 +49,39 @@ IPTCfgLexer::IPTCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState&
void IPTCfgLexer::initLiterals()
{
literals["FIN"] = 106;
literals["RST"] = 107;
literals["NEW"] = 60;
literals["comment"] = 93;
literals["ESTABLISHED"] = 61;
literals["recent"] = 71;
literals["limit"] = 68;
literals["POSTROUTING"] = 13;
literals["INPUT"] = 9;
literals["ACK"] = 105;
literals["URG"] = 108;
literals["mark"] = 66;
literals["iprange"] = 72;
literals["multiport"] = 92;
literals["pkttype"] = 87;
literals["broadcast"] = 89;
literals["NONE"] = 111;
literals["multicast"] = 90;
literals["ALL"] = 110;
literals["length"] = 85;
literals["PSH"] = 109;
literals["SYN"] = 104;
literals["udp"] = 31;
literals["PREROUTING"] = 12;
literals["FORWARD"] = 10;
literals["INVALID"] = 59;
literals["OUTPUT"] = 11;
literals["state"] = 63;
literals["unicast"] = 91;
literals["RELATED"] = 62;
literals["icmp"] = 32;
literals["tcp"] = 30;
literals["COMMIT"] = 6;
literals["FIN"] = 108;
literals["RST"] = 109;
literals["NEW"] = 62;
literals["comment"] = 95;
literals["ESTABLISHED"] = 63;
literals["recent"] = 73;
literals["limit"] = 70;
literals["POSTROUTING"] = 16;
literals["INPUT"] = 12;
literals["ACK"] = 107;
literals["URG"] = 110;
literals["mark"] = 68;
literals["iprange"] = 74;
literals["multiport"] = 94;
literals["pkttype"] = 89;
literals["broadcast"] = 91;
literals["NONE"] = 113;
literals["multicast"] = 92;
literals["ALL"] = 112;
literals["length"] = 87;
literals["PSH"] = 111;
literals["SYN"] = 106;
literals["udp"] = 33;
literals["PREROUTING"] = 15;
literals["FORWARD"] = 13;
literals["INVALID"] = 61;
literals["OUTPUT"] = 14;
literals["state"] = 65;
literals["unicast"] = 93;
literals["RELATED"] = 64;
literals["icmp"] = 34;
literals["tcp"] = 32;
literals["COMMIT"] = 9;
}
ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
@ -185,6 +185,12 @@ ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
theRetToken=_returnToken;
break;
}
case 0x23 /* '#' */ :
{
mNUMBER_SIGN(true);
theRetToken=_returnToken;
break;
}
case 0x25 /* '%' */ :
{
mPERCENT(true);
@ -546,8 +552,8 @@ ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
mROUTE_GW(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x23 /* '#' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) {
mLINE_COMMENT(true);
else if ((LA(1) == 0x20 /* ' ' */ ) && (LA(2) == 0x47 /* 'G' */ )) {
mIPTABLES_SAVE_HEADER(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (LA(2) == 0x41 /* 'A' */ )) {
@ -586,14 +592,10 @@ ANTLR_USE_NAMESPACE(antlr)RefToken IPTCfgLexer::nextToken()
mOPT_FRAGM(true);
theRetToken=_returnToken;
}
else if ((_tokenSet_0.member(LA(1)))) {
else if ((_tokenSet_0.member(LA(1))) && (true)) {
mWhitespace(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x23 /* '#' */ ) && (true)) {
mNUMBER_SIGN(true);
theRetToken=_returnToken;
}
else if ((LA(1) == 0x2d /* '-' */ ) && (true)) {
mMINUS(true);
theRetToken=_returnToken;
@ -628,60 +630,12 @@ tryAgain:;
}
}
void IPTCfgLexer::mLINE_COMMENT(bool _createToken) {
void IPTCfgLexer::mIPTABLES_SAVE_HEADER(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = LINE_COMMENT;
_ttype = IPTABLES_SAVE_HEADER;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
match("#");
{ // ( ... )*
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
{
match(_tokenSet_1);
}
}
else {
goto _loop166;
}
}
_loop166:;
} // ( ... )*
mNEWLINE(false);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void IPTCfgLexer::mNEWLINE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NEWLINE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) {
match("\r\n");
}
else if ((LA(1) == 0xd /* '\r' */ ) && (true)) {
match('\r' /* charlit */ );
}
else if ((LA(1) == 0xa /* '\n' */ )) {
match('\n' /* charlit */ );
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
if ( inputState->guessing==0 ) {
#line 1204 "iptables.g"
newline(); resetText();
#line 684 "IPTCfgLexer.cpp"
}
match(" Generated by iptables-save v");
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
@ -759,9 +713,42 @@ void IPTCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1202 "iptables.g"
#line 1231 "iptables.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 765 "IPTCfgLexer.cpp"
#line 719 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void IPTCfgLexer::mNEWLINE(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = NEWLINE;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
{
if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) {
match("\r\n");
}
else if ((LA(1) == 0xd /* '\r' */ ) && (true)) {
match('\r' /* charlit */ );
}
else if ((LA(1) == 0xa /* '\n' */ )) {
match('\n' /* charlit */ );
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
if ( inputState->guessing==0 ) {
#line 1233 "iptables.g"
newline(); resetText();
#line 752 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -784,6 +771,19 @@ void IPTCfgLexer::mIPV4(bool _createToken) {
_saveIndex=0;
}
void IPTCfgLexer::mTHREE_COMPONENT_VERSION(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = THREE_COMPONENT_VERSION;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
_token->setText(text.substr(_begin, text.length()-_begin));
}
_returnToken = _token;
_saveIndex=0;
}
void IPTCfgLexer::mIPV6(bool _createToken) {
int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length();
_ttype = IPV6;
@ -957,17 +957,17 @@ void IPTCfgLexer::mNUM_HEX_4DIGIT(bool _createToken) {
mHEXDIGIT(false);
{
if ((_tokenSet_2.member(LA(1)))) {
if ((_tokenSet_1.member(LA(1)))) {
{
mHEXDIGIT(false);
}
{
if ((_tokenSet_2.member(LA(1)))) {
if ((_tokenSet_1.member(LA(1)))) {
{
mHEXDIGIT(false);
}
{
if ((_tokenSet_2.member(LA(1)))) {
if ((_tokenSet_1.member(LA(1)))) {
mHEXDIGIT(false);
}
else {
@ -997,10 +997,10 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
_ttype = NUMBER;
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
bool synPredMatched192 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))) && (_tokenSet_3.member(LA(4))) && (_tokenSet_3.member(LA(5))) && (_tokenSet_3.member(LA(6))) && (_tokenSet_3.member(LA(7))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) {
int _m192 = mark();
synPredMatched192 = true;
bool synPredMatched193 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (_tokenSet_2.member(LA(6))) && (_tokenSet_2.member(LA(7))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) {
int _m193 = mark();
synPredMatched193 = true;
inputState->guessing++;
try {
{
@ -1011,12 +1011,12 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched192 = false;
synPredMatched193 = false;
}
rewind(_m192);
rewind(_m193);
inputState->guessing--;
}
if ( synPredMatched192 ) {
if ( synPredMatched193 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
@ -1026,62 +1026,96 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
match('.' /* charlit */ );
mNUM_3DIGIT(false);
if ( inputState->guessing==0 ) {
#line 1267 "iptables.g"
#line 1300 "iptables.g"
_ttype = IPV4;
#line 1032 "IPTCfgLexer.cpp"
}
}
}
else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) {
{
match('0' /* charlit */ );
match('x' /* charlit */ );
{ // ( ... )+
int _cnt196=0;
for (;;) {
if ((_tokenSet_2.member(LA(1)))) {
mHEXDIGIT(false);
else {
bool synPredMatched196 = false;
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))) && (_tokenSet_2.member(LA(4))) && (_tokenSet_2.member(LA(5))) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true))) {
int _m196 = mark();
synPredMatched196 = true;
inputState->guessing++;
try {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
}
}
else {
if ( _cnt196>=1 ) { goto _loop196; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
synPredMatched196 = false;
}
_cnt196++;
rewind(_m196);
inputState->guessing--;
}
_loop196:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1270 "iptables.g"
_ttype = HEX_CONST;
#line 1058 "IPTCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) {
{ // ( ... )+
int _cnt198=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
if ( synPredMatched196 ) {
{
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
match('.' /* charlit */ );
mNUM_3DIGIT(false);
if ( inputState->guessing==0 ) {
#line 1304 "iptables.g"
_ttype = THREE_COMPONENT_VERSION;
#line 1066 "IPTCfgLexer.cpp"
}
else {
if ( _cnt198>=1 ) { goto _loop198; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt198++;
}
_loop198:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1272 "iptables.g"
_ttype = INT_CONST;
#line 1079 "IPTCfgLexer.cpp"
else if ((LA(1) == 0x30 /* '0' */ ) && (LA(2) == 0x78 /* 'x' */ )) {
{
match('0' /* charlit */ );
match('x' /* charlit */ );
{ // ( ... )+
int _cnt200=0;
for (;;) {
if ((_tokenSet_1.member(LA(1)))) {
mHEXDIGIT(false);
}
else {
if ( _cnt200>=1 ) { goto _loop200; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt200++;
}
_loop200:;
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1308 "iptables.g"
_ttype = HEX_CONST;
#line 1092 "IPTCfgLexer.cpp"
}
}
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true) && (true)) {
{ // ( ... )+
int _cnt202=0;
for (;;) {
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
mDIGIT(false);
}
else {
if ( _cnt202>=1 ) { goto _loop202; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
}
_cnt202++;
}
_loop202:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1310 "iptables.g"
_ttype = INT_CONST;
#line 1113 "IPTCfgLexer.cpp"
}
}
}
else {
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
}
}
_ttype = testLiteralsTable(_ttype);
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1328,11 +1362,11 @@ void IPTCfgLexer::mWORD(bool _createToken) {
}
default:
{
goto _loop202;
goto _loop206;
}
}
}
_loop202:;
_loop206:;
} // ( ... )*
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -1350,15 +1384,15 @@ void IPTCfgLexer::mSTRING(bool _createToken) {
match('\"' /* charlit */ );
{ // ( ... )*
for (;;) {
if ((_tokenSet_4.member(LA(1)))) {
if ((_tokenSet_3.member(LA(1)))) {
matchNot('\"' /* charlit */ );
}
else {
goto _loop205;
goto _loop209;
}
}
_loop205:;
_loop209:;
} // ( ... )*
match('\"' /* charlit */ );
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
@ -1389,9 +1423,9 @@ void IPTCfgLexer::mRSOURCE(bool _createToken) {
match("--rsource");
if ( inputState->guessing==0 ) {
#line 1296 "iptables.g"
#line 1334 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1395 "IPTCfgLexer.cpp"
#line 1429 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -2052,9 +2086,9 @@ void IPTCfgLexer::mULOG_QTHR(bool _createToken) {
match("--ulog-qthreshold");
if ( inputState->guessing==0 ) {
#line 1363 "iptables.g"
#line 1401 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 2058 "IPTCfgLexer.cpp"
#line 2092 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -2071,9 +2105,9 @@ void IPTCfgLexer::mULOG_NLG(bool _createToken) {
match("--ulog-nlgroup");
if ( inputState->guessing==0 ) {
#line 1364 "iptables.g"
#line 1402 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 2077 "IPTCfgLexer.cpp"
#line 2111 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -2090,9 +2124,9 @@ void IPTCfgLexer::mULOG_CPR(bool _createToken) {
match("--ulog-cprange");
if ( inputState->guessing==0 ) {
#line 1365 "iptables.g"
#line 1403 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 2096 "IPTCfgLexer.cpp"
#line 2130 "IPTCfgLexer.cpp"
}
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
_token = makeToken(_ttype);
@ -2667,27 +2701,20 @@ const unsigned long IPTCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL,
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81
// 0x82 0x83 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f
// 0x90
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_0(_tokenSet_0_data_,16);
const unsigned long IPTCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14
// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ %
// & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G
// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h
// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
const unsigned long IPTCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const unsigned long IPTCfgLexer::_tokenSet_1_data_[] = { 0UL, 67043328UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_2(_tokenSet_2_data_,10);
const unsigned long IPTCfgLexer::_tokenSet_3_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_1(_tokenSet_1_data_,10);
const unsigned long IPTCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// . 0 1 2 3 4 5 6 7 8 9
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_3(_tokenSet_3_data_,10);
const unsigned long IPTCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_2(_tokenSet_2_data_,10);
const unsigned long IPTCfgLexer::_tokenSet_3_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13
// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $
// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F
// G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g
// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_4(_tokenSet_4_data_,16);
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90
const ANTLR_USE_NAMESPACE(antlr)BitSet IPTCfgLexer::_tokenSet_3(_tokenSet_3_data_,16);

7
src/parsers/IPTCfgLexer.hpp
View File

@ -47,10 +47,11 @@ public:
IPTCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib);
IPTCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state);
ANTLR_USE_NAMESPACE(antlr)RefToken nextToken();
public: void mLINE_COMMENT(bool _createToken);
public: void mNEWLINE(bool _createToken);
public: void mIPTABLES_SAVE_HEADER(bool _createToken);
public: void mWhitespace(bool _createToken);
public: void mNEWLINE(bool _createToken);
protected: void mIPV4(bool _createToken);
protected: void mTHREE_COMPONENT_VERSION(bool _createToken);
protected: void mIPV6(bool _createToken);
protected: void mMAC_ADDRESS(bool _createToken);
protected: void mINT_CONST(bool _createToken);
@ -164,8 +165,6 @@ private:
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2;
static const unsigned long _tokenSet_3_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3;
static const unsigned long _tokenSet_4_data_[];
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4;
};
#endif /*INC_IPTCfgLexer_hpp_*/

804
src/parsers/IPTCfgParser.cpp
View File

File diff suppressed because it is too large Load Diff

7
src/parsers/IPTCfgParser.hpp
View File

@ -46,18 +46,21 @@ class CUSTOM_API IPTCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, publ
virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex)
{
importer->addMessageToLog("Parser error: " + ex.toString());
std::cerr << ex.toString() << std::endl;
}
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser error: " + s);
std::cerr << s << std::endl;
}
/// Parser warning-reporting function can be overridden in subclass
virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser warning: " + s);
std::cerr << s << std::endl;
}
#line 38 "IPTCfgParser.hpp"
@ -159,10 +162,10 @@ protected:
private:
static const char* tokenNames[];
#ifndef NO_STATIC_CONSTS
static const int NUM_TOKENS = 144;
static const int NUM_TOKENS = 145;
#else
enum {
NUM_TOKENS = 144
NUM_TOKENS = 145
};
#endif

279
src/parsers/IPTCfgParserTokenTypes.hpp
View File

@ -13,145 +13,146 @@ struct CUSTOM_API IPTCfgParserTokenTypes {
enum {
EOF_ = 1,
NEWLINE = 4,
LINE_COMMENT = 5,
COMMIT = 6,
STAR = 7,
WORD = 8,
INPUT = 9,
FORWARD = 10,
OUTPUT = 11,
PREROUTING = 12,
POSTROUTING = 13,
COLON = 14,
MINUS = 15,
OPENING_SQUARE = 16,
INT_CONST = 17,
CLOSING_SQUARE = 18,
ADD_RULE = 19,
UNSUPPORTED_OPTION = 20,
DIGIT = 21,
SLASH = 22,
OPT_MODULE = 23,
OPT_SRC = 24,
EXCLAMATION = 25,
IPV4 = 26,
OPT_DST = 27,
OPT_IN_INTF = 28,
OPT_OUT_INTF = 29,
TCP = 30,
UDP = 31,
ICMP = 32,
OPT_PROTO = 33,
OPT_TARGET = 34,
REJECT_WITH = 35,
LOG_PREFIX = 36,
STRING = 37,
LOG_TCP_SEQ = 38,
LOG_TCP_OPT = 39,
LOG_IP_OPT = 40,
ULOG_PREFIX = 41,
LOG_LEVEL = 42,
SET_MARK = 43,
HEX_CONST = 44,
SET_TOS = 45,
SAVE_MARK = 46,
RESTORE_MARK = 47,
CONTINUE = 48,
ROUTE_IIF = 49,
ROUTE_OIF = 50,
ROUTE_GW = 51,
ROUTE_TEE = 52,
TO_SOURCE = 53,
TO_DESTINATION = 54,
TO_PORTS = 55,
TO_NETMAP = 56,
CLAMP_MSS = 57,
OPT_FRAGM = 58,
INVALID = 59,
NEW = 60,
ESTABLISHED = 61,
RELATED = 62,
M_STATE = 63,
MATCH_STATE = 64,
COMMA = 65,
M_MARK = 66,
MATCH_MARK = 67,
M_LIMIT = 68,
MATCH_LIMIT = 69,
MATCH_LIMIT_BURST = 70,
M_RECENT = 71,
M_IPRANGE = 72,
MATCH_IPRANGE_SRC = 73,
MATCH_IPRANGE_DST = 74,
MATCH_RECENT_SET = 75,
MATCH_RECENT_RCHECK = 76,
MATCH_RECENT_UPDATE = 77,
MATCH_RECENT_REMOVE = 78,
MATCH_RECENT_RTTL = 79,
RSOURCE = 80,
MATCH_RECENT_RDEST = 81,
MATCH_RECENT_NAME = 82,
MATCH_RECENT_SECONDS = 83,
MATCH_RECENT_HITCOUNT = 84,
M_LENGTH = 85,
MATCH_LENGTH = 86,
M_PKTTYPE = 87,
MATCH_PKT_TYPE = 88,
WORD_BROADCAST = 89,
WORD_MULTICAST = 90,
WORD_UNICAST = 91,
M_MPORT = 92,
M_COMMENT = 93,
MATCH_COMMENT = 94,
MATCH_SRC_MULTIPORT = 95,
MATCH_DST_MULTIPORT = 96,
MATCH_BOTH_MULTIPORT = 97,
MATCH_ICMP_TYPE = 98,
MATCH_SRC_PORT = 99,
MATCH_SRC_PORT_SHORT = 100,
MATCH_DST_PORT = 101,
MATCH_DST_PORT_SHORT = 102,
MATCH_SYN = 103,
SYN = 104,
ACK = 105,
FIN = 106,
RST = 107,
URG = 108,
PSH = 109,
ALL = 110,
NONE = 111,
MATCH_TCP_FLAGS = 112,
MATCH_TCP_OPTION = 113,
Whitespace = 114,
IPV6 = 115,
MAC_ADDRESS = 116,
NEG_INT_CONST = 117,
HEXDIGIT = 118,
NUM_3DIGIT = 119,
NUM_HEX_4DIGIT = 120,
NUMBER = 121,
ULOG_QTHR = 122,
ULOG_NLG = 123,
ULOG_CPR = 124,
NUMBER_SIGN = 125,
PERCENT = 126,
AMPERSAND = 127,
APOSTROPHE = 128,
OPENING_PAREN = 129,
CLOSING_PAREN = 130,
PLUS = 131,
DOT = 132,
SEMICOLON = 133,
LESS_THAN = 134,
EQUALS = 135,
GREATER_THAN = 136,
QUESTION = 137,
COMMERCIAL_AT = 138,
CARET = 139,
UNDERLINE = 140,
OPENING_BRACE = 141,
CLOSING_BRACE = 142,
TILDE = 143,
NUMBER_SIGN = 5,
IPTABLES_SAVE_HEADER = 6,
THREE_COMPONENT_VERSION = 7,
IPV4 = 8,
COMMIT = 9,
STAR = 10,
WORD = 11,
INPUT = 12,
FORWARD = 13,
OUTPUT = 14,
PREROUTING = 15,
POSTROUTING = 16,
COLON = 17,
MINUS = 18,
OPENING_SQUARE = 19,
INT_CONST = 20,
CLOSING_SQUARE = 21,
ADD_RULE = 22,
UNSUPPORTED_OPTION = 23,
DIGIT = 24,
SLASH = 25,
OPT_MODULE = 26,
OPT_SRC = 27,
EXCLAMATION = 28,
OPT_DST = 29,
OPT_IN_INTF = 30,
OPT_OUT_INTF = 31,
TCP = 32,
UDP = 33,
ICMP = 34,
OPT_PROTO = 35,
OPT_TARGET = 36,
REJECT_WITH = 37,
LOG_PREFIX = 38,
STRING = 39,
LOG_TCP_SEQ = 40,
LOG_TCP_OPT = 41,
LOG_IP_OPT = 42,
ULOG_PREFIX = 43,
LOG_LEVEL = 44,
SET_MARK = 45,
HEX_CONST = 46,
SET_TOS = 47,
SAVE_MARK = 48,
RESTORE_MARK = 49,
CONTINUE = 50,
ROUTE_IIF = 51,
ROUTE_OIF = 52,
ROUTE_GW = 53,
ROUTE_TEE = 54,
TO_SOURCE = 55,
TO_DESTINATION = 56,
TO_PORTS = 57,
TO_NETMAP = 58,
CLAMP_MSS = 59,
OPT_FRAGM = 60,
INVALID = 61,
NEW = 62,
ESTABLISHED = 63,
RELATED = 64,
M_STATE = 65,
MATCH_STATE = 66,
COMMA = 67,
M_MARK = 68,
MATCH_MARK = 69,
M_LIMIT = 70,
MATCH_LIMIT = 71,
MATCH_LIMIT_BURST = 72,
M_RECENT = 73,
M_IPRANGE = 74,
MATCH_IPRANGE_SRC = 75,
MATCH_IPRANGE_DST = 76,
MATCH_RECENT_SET = 77,
MATCH_RECENT_RCHECK = 78,
MATCH_RECENT_UPDATE = 79,
MATCH_RECENT_REMOVE = 80,
MATCH_RECENT_RTTL = 81,
RSOURCE = 82,
MATCH_RECENT_RDEST = 83,
MATCH_RECENT_NAME = 84,
MATCH_RECENT_SECONDS = 85,
MATCH_RECENT_HITCOUNT = 86,
M_LENGTH = 87,
MATCH_LENGTH = 88,
M_PKTTYPE = 89,
MATCH_PKT_TYPE = 90,
WORD_BROADCAST = 91,
WORD_MULTICAST = 92,
WORD_UNICAST = 93,
M_MPORT = 94,
M_COMMENT = 95,
MATCH_COMMENT = 96,
MATCH_SRC_MULTIPORT = 97,
MATCH_DST_MULTIPORT = 98,
MATCH_BOTH_MULTIPORT = 99,
MATCH_ICMP_TYPE = 100,
MATCH_SRC_PORT = 101,
MATCH_SRC_PORT_SHORT = 102,
MATCH_DST_PORT = 103,
MATCH_DST_PORT_SHORT = 104,
MATCH_SYN = 105,
SYN = 106,
ACK = 107,
FIN = 108,
RST = 109,
URG = 110,
PSH = 111,
ALL = 112,
NONE = 113,
MATCH_TCP_FLAGS = 114,
MATCH_TCP_OPTION = 115,
Whitespace = 116,
IPV6 = 117,
MAC_ADDRESS = 118,
NEG_INT_CONST = 119,
HEXDIGIT = 120,
NUM_3DIGIT = 121,
NUM_HEX_4DIGIT = 122,
NUMBER = 123,
ULOG_QTHR = 124,
ULOG_NLG = 125,
ULOG_CPR = 126,
PERCENT = 127,
AMPERSAND = 128,
APOSTROPHE = 129,
OPENING_PAREN = 130,
CLOSING_PAREN = 131,
PLUS = 132,
DOT = 133,
SEMICOLON = 134,
LESS_THAN = 135,
EQUALS = 136,
GREATER_THAN = 137,
QUESTION = 138,
COMMERCIAL_AT = 139,
CARET = 140,
UNDERLINE = 141,
OPENING_BRACE = 142,
CLOSING_BRACE = 143,
TILDE = 144,
NULL_TREE_LOOKAHEAD = 3
};
#ifdef __cplusplus

279
src/parsers/IPTCfgParserTokenTypes.txt
View File

@ -1,142 +1,143 @@
// $ANTLR 2.7.7 (20090306): iptables.g -> IPTCfgParserTokenTypes.txt$
IPTCfgParser // output token vocab name
NEWLINE=4
LINE_COMMENT=5
COMMIT="COMMIT"=6
STAR=7
WORD=8
INPUT="INPUT"=9
FORWARD="FORWARD"=10
OUTPUT="OUTPUT"=11
PREROUTING="PREROUTING"=12
POSTROUTING="POSTROUTING"=13
COLON=14
MINUS=15
OPENING_SQUARE=16
INT_CONST=17
CLOSING_SQUARE=18
ADD_RULE=19
UNSUPPORTED_OPTION=20
DIGIT=21
SLASH=22
OPT_MODULE=23
OPT_SRC=24
EXCLAMATION=25
IPV4=26
OPT_DST=27
OPT_IN_INTF=28
OPT_OUT_INTF=29
TCP="tcp"=30
UDP="udp"=31
ICMP="icmp"=32
OPT_PROTO=33
OPT_TARGET=34
REJECT_WITH=35
LOG_PREFIX=36
STRING=37
LOG_TCP_SEQ=38
LOG_TCP_OPT=39
LOG_IP_OPT=40
ULOG_PREFIX=41
LOG_LEVEL=42
SET_MARK=43
HEX_CONST=44
SET_TOS=45
SAVE_MARK=46
RESTORE_MARK=47
CONTINUE=48
ROUTE_IIF=49
ROUTE_OIF=50
ROUTE_GW=51
ROUTE_TEE=52
TO_SOURCE=53
TO_DESTINATION=54
TO_PORTS=55
TO_NETMAP=56
CLAMP_MSS=57
OPT_FRAGM=58
INVALID="INVALID"=59
NEW="NEW"=60
ESTABLISHED="ESTABLISHED"=61
RELATED="RELATED"=62
M_STATE="state"=63
MATCH_STATE=64
COMMA=65
M_MARK="mark"=66
MATCH_MARK=67
M_LIMIT="limit"=68
MATCH_LIMIT=69
MATCH_LIMIT_BURST=70
M_RECENT="recent"=71
M_IPRANGE="iprange"=72
MATCH_IPRANGE_SRC=73
MATCH_IPRANGE_DST=74
MATCH_RECENT_SET=75
MATCH_RECENT_RCHECK=76
MATCH_RECENT_UPDATE=77
MATCH_RECENT_REMOVE=78
MATCH_RECENT_RTTL=79
RSOURCE=80
MATCH_RECENT_RDEST=81
MATCH_RECENT_NAME=82
MATCH_RECENT_SECONDS=83
MATCH_RECENT_HITCOUNT=84
M_LENGTH="length"=85
MATCH_LENGTH=86
M_PKTTYPE="pkttype"=87
MATCH_PKT_TYPE=88
WORD_BROADCAST="broadcast"=89
WORD_MULTICAST="multicast"=90
WORD_UNICAST="unicast"=91
M_MPORT="multiport"=92
M_COMMENT="comment"=93
MATCH_COMMENT=94
MATCH_SRC_MULTIPORT=95
MATCH_DST_MULTIPORT=96
MATCH_BOTH_MULTIPORT=97
MATCH_ICMP_TYPE=98
MATCH_SRC_PORT=99
MATCH_SRC_PORT_SHORT=100
MATCH_DST_PORT=101
MATCH_DST_PORT_SHORT=102
MATCH_SYN=103
SYN="SYN"=104
ACK="ACK"=105
FIN="FIN"=106
RST="RST"=107
URG="URG"=108
PSH="PSH"=109
ALL="ALL"=110
NONE="NONE"=111
MATCH_TCP_FLAGS=112
MATCH_TCP_OPTION=113
Whitespace=114
IPV6=115
MAC_ADDRESS=116
NEG_INT_CONST=117
HEXDIGIT=118
NUM_3DIGIT=119
NUM_HEX_4DIGIT=120
NUMBER=121
ULOG_QTHR=122
ULOG_NLG=123
ULOG_CPR=124
NUMBER_SIGN=125
PERCENT=126
AMPERSAND=127
APOSTROPHE=128
OPENING_PAREN=129
CLOSING_PAREN=130
PLUS=131
DOT=132
SEMICOLON=133
LESS_THAN=134
EQUALS=135
GREATER_THAN=136
QUESTION=137
COMMERCIAL_AT=138
CARET=139
UNDERLINE=140
OPENING_BRACE=141
CLOSING_BRACE=142
TILDE=143
NUMBER_SIGN=5
IPTABLES_SAVE_HEADER=6
THREE_COMPONENT_VERSION=7
IPV4=8
COMMIT="COMMIT"=9
STAR=10
WORD=11
INPUT="INPUT"=12
FORWARD="FORWARD"=13
OUTPUT="OUTPUT"=14
PREROUTING="PREROUTING"=15
POSTROUTING="POSTROUTING"=16
COLON=17
MINUS=18
OPENING_SQUARE=19
INT_CONST=20
CLOSING_SQUARE=21
ADD_RULE=22
UNSUPPORTED_OPTION=23
DIGIT=24
SLASH=25
OPT_MODULE=26
OPT_SRC=27
EXCLAMATION=28
OPT_DST=29
OPT_IN_INTF=30
OPT_OUT_INTF=31
TCP="tcp"=32
UDP="udp"=33
ICMP="icmp"=34
OPT_PROTO=35
OPT_TARGET=36
REJECT_WITH=37
LOG_PREFIX=38
STRING=39
LOG_TCP_SEQ=40
LOG_TCP_OPT=41
LOG_IP_OPT=42
ULOG_PREFIX=43
LOG_LEVEL=44
SET_MARK=45
HEX_CONST=46
SET_TOS=47
SAVE_MARK=48
RESTORE_MARK=49
CONTINUE=50
ROUTE_IIF=51
ROUTE_OIF=52
ROUTE_GW=53
ROUTE_TEE=54
TO_SOURCE=55
TO_DESTINATION=56
TO_PORTS=57
TO_NETMAP=58
CLAMP_MSS=59
OPT_FRAGM=60
INVALID="INVALID"=61
NEW="NEW"=62
ESTABLISHED="ESTABLISHED"=63
RELATED="RELATED"=64
M_STATE="state"=65
MATCH_STATE=66
COMMA=67
M_MARK="mark"=68
MATCH_MARK=69
M_LIMIT="limit"=70
MATCH_LIMIT=71
MATCH_LIMIT_BURST=72
M_RECENT="recent"=73
M_IPRANGE="iprange"=74
MATCH_IPRANGE_SRC=75
MATCH_IPRANGE_DST=76
MATCH_RECENT_SET=77
MATCH_RECENT_RCHECK=78
MATCH_RECENT_UPDATE=79
MATCH_RECENT_REMOVE=80
MATCH_RECENT_RTTL=81
RSOURCE=82
MATCH_RECENT_RDEST=83
MATCH_RECENT_NAME=84
MATCH_RECENT_SECONDS=85
MATCH_RECENT_HITCOUNT=86
M_LENGTH="length"=87
MATCH_LENGTH=88
M_PKTTYPE="pkttype"=89
MATCH_PKT_TYPE=90
WORD_BROADCAST="broadcast"=91
WORD_MULTICAST="multicast"=92
WORD_UNICAST="unicast"=93
M_MPORT="multiport"=94
M_COMMENT="comment"=95
MATCH_COMMENT=96
MATCH_SRC_MULTIPORT=97
MATCH_DST_MULTIPORT=98
MATCH_BOTH_MULTIPORT=99
MATCH_ICMP_TYPE=100
MATCH_SRC_PORT=101
MATCH_SRC_PORT_SHORT=102
MATCH_DST_PORT=103
MATCH_DST_PORT_SHORT=104
MATCH_SYN=105
SYN="SYN"=106
ACK="ACK"=107
FIN="FIN"=108
RST="RST"=109
URG="URG"=110
PSH="PSH"=111
ALL="ALL"=112
NONE="NONE"=113
MATCH_TCP_FLAGS=114
MATCH_TCP_OPTION=115
Whitespace=116
IPV6=117
MAC_ADDRESS=118
NEG_INT_CONST=119
HEXDIGIT=120
NUM_3DIGIT=121
NUM_HEX_4DIGIT=122
NUMBER=123
ULOG_QTHR=124
ULOG_NLG=125
ULOG_CPR=126
PERCENT=127
AMPERSAND=128
APOSTROPHE=129
OPENING_PAREN=130
CLOSING_PAREN=131
PLUS=132
DOT=133
SEMICOLON=134
LESS_THAN=135
EQUALS=136
GREATER_THAN=137
QUESTION=138
COMMERCIAL_AT=139
CARET=140
UNDERLINE=141
OPENING_BRACE=142
CLOSING_BRACE=143
TILDE=144

48
src/parsers/iptables.g
View File

@ -89,18 +89,21 @@ options
virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex)
{
importer->addMessageToLog("Parser error: " + ex.toString());
std::cerr << ex.toString() << std::endl;
}
/// Parser error-reporting function can be overridden in subclass
virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser error: " + s);
std::cerr << s << std::endl;
}
/// Parser warning-reporting function can be overridden in subclass
virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s)
{
importer->addMessageToLog("Parser warning: " + s);
std::cerr << s << std::endl;
}
}
@ -123,7 +126,31 @@ cfgfile :
//****************************************************************
comment : LINE_COMMENT ;
// comment can be iptables-save header or a regular comment
// Examples of the header:
//
// # Generated by iptables-save v1.3.5 on Mon Apr 11 15:32:22 2011
// # Generated by iptables-save v1.4.1.1 on Fri Mar 4 12:14:55 2011
//
comment :
NUMBER_SIGN
(
IPTABLES_SAVE_HEADER
( THREE_COMPONENT_VERSION | IPV4 )
{
importer->setCurrentLineNumber(LT(0)->getLine());
std::string version = LT(0)->getText();
importer->setDiscoveredVersion(version);
*dbg << "VERSION " << version << std::endl;
consumeUntil(NEWLINE);
}
)*
{
consumeUntil(NEWLINE);
}
;
//****************************************************************
//****************************************************************
@ -1196,7 +1223,9 @@ tokens
}
LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ;
// LINE_COMMENT : '#' (~('\r' | '\n'))* NEWLINE ;
IPTABLES_SAVE_HEADER : " Generated by iptables-save v";
Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. '\037' | '\177'..'\377' | ' ' )
{ _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; } ;
@ -1206,6 +1235,9 @@ NEWLINE : ( "\r\n" | '\r' | '\n' ) { newline(); resetText(); } ;
protected
IPV4:;
protected
THREE_COMPONENT_VERSION:;
protected
IPV6:;
@ -1262,14 +1294,20 @@ NUM_HEX_4DIGIT: HEXDIGIT ((HEXDIGIT) ((HEXDIGIT) (HEXDIGIT)?)?)?;
NUMBER
options { testLiterals = true; }
:
// IPv4 RULE
(NUM_3DIGIT '.' NUM_3DIGIT '.') => (
NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT { $setType(IPV4); }
)
|
(NUM_3DIGIT '.' NUM_3DIGIT '.') => (
NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT { $setType(THREE_COMPONENT_VERSION); }
)
|
| ( '0' 'x' ( HEXDIGIT )+ ) { $setType(HEX_CONST); }
| ( DIGIT )+ { $setType(INT_CONST); }
( '0' 'x' ( HEXDIGIT )+ ) { $setType(HEX_CONST); }
|
( DIGIT )+ { $setType(INT_CONST); }
;

164
src/unit_tests/ImporterTest/ImporterTest.cpp
View File

@ -6,8 +6,6 @@
Author: Roman Bovsunivskiy a2k0001@gmail.com
$Id$
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
@ -58,6 +56,24 @@ using namespace libfwbuilder;
extern string platform;
const char* iptables_sample =
"# Generated by iptables-save %VERSION% on Mon Apr 11 15:50:58 2011\n"
"*filter\n"
":INPUT ACCEPT [0:0]\n"
":FORWARD ACCEPT [0:0]\n"
":OUTPUT ACCEPT [0:0]\n"
":CHAIN-1-INPUT - [0:0]\n"
"-A INPUT -j CHAIN-1-INPUT \n"
"-A FORWARD -j CHAIN-1-INPUT \n"
"-A CHAIN-1-INPUT -j ACCEPT \n"
"COMMIT\n"
"# Completed on Mon Apr 11 15:50:58 2011\n";
extern QString findBestVersionMatch(const QString &platform,
const QString &discovered_version);
class UpgradePredicate: public XMLTools::UpgradePredicate
{
public:
@ -71,8 +87,6 @@ void ImporterTest::setUp()
{
//init();
qDebug() << "Running ImporterTest::setUp()";
FWBTree *tree = new FWBTree();
/* create database */
@ -83,18 +97,25 @@ void ImporterTest::setUp()
db->setReadOnly( false );
qDebug() << Constants::getStandardObjectsFilePath().c_str();
qDebug() << Constants::getDTDDirectory().c_str();
db->load( Constants::getStandardObjectsFilePath(),
&upgrade_predicate, Constants::getDTDDirectory());
qDebug() << "st";
db->setFileName("");
lib = Library::cast(tree->createNewLibrary(db));
lib->setName("User");
logger = new QueueLogger();
// this makes the test compile and link. There is a problem with
// dependencies, the test depends on libimport.a and additionally,
// PIXImporter.cpp depends on this function that is implemented in
// platforms.cpp in libgui.a; however since libgui.a comes before
// libimport.a in linker command line, this function does not get
// pulled since it is not used anywhere except by this test module
// and so linking fails. Making this call creates dependency and
// pulls this function at linking time before libimport.a and its
// dependencies are considered
QString version = findBestVersionMatch("pix", "7.0");
}
void ImporterTest::compareResults(QueueLogger* logger,
@ -120,8 +141,10 @@ void ImporterTest::compareResults(QueueLogger* logger,
CPPUNIT_ASSERT_MESSAGE(
QString(
"Sizes of the generated importer output and test files are different. "
"Expected: %1 (%2) Obtained: %3 (%4)")
"Sizes of the generated importer output and test files are different.\n"
"Expected: %1 (%2)\n"
"Obtained: %3 (%4)\n"
"diff -u %1 %3 | less -S")
.arg(expected_result_file_name).arg(expected_result.size())
.arg(obtained_result_file_name).arg(obtained_result.size()).toStdString(),
expected_result.size() == obtained_result.size());
@ -129,9 +152,13 @@ void ImporterTest::compareResults(QueueLogger* logger,
int max_idx = max(expected_result.size(), obtained_result.size());
for (int i=0; i < max_idx; ++i)
{
QString err = QString("Line %1:\nExpected: '%2'\nResult: '%3'\n")
.arg(i).arg(expected_result[i]).arg(obtained_result[i]);
CPPUNIT_ASSERT_MESSAGE(err.toStdString(), obtained_result[i] == expected_result[i]);
QString err = QString("%1:%2:\nExpected: '%3'\nResult: '%4'\n")
.arg(expected_result_file_name)
.arg(i)
.arg(expected_result[i])
.arg(obtained_result[i]);
CPPUNIT_ASSERT_MESSAGE(
err.toStdString(), obtained_result[i] == expected_result[i]);
}
}
@ -156,8 +183,17 @@ void ImporterTest::compareFwbFiles(QString expected_result_file_name,
// find all lastModified attributes and replace them with identical values
// because they are always going to be different
CPPUNIT_ASSERT_MESSAGE("Sizes of the generated .fwb and test files are different",
expected_result.size() == obtained_result.size());
QString err("Sizes of the generated .fwb and test files are different: \n"
"Expected: %1 (%2)\n"
"Obtained: %3 (%4)\n"
"diff -u %1 %3 | less -S");
CPPUNIT_ASSERT_MESSAGE(
err
.arg(expected_result_file_name).arg(expected_result.size())
.arg(obtained_result_file_name).arg(obtained_result.size())
.toStdString(),
expected_result.size() == obtained_result.size());
QRegExp last_mod_re("lastModified=\"\\d+\"");
int max_idx = max(expected_result.size(), obtained_result.size());
@ -172,9 +208,13 @@ void ImporterTest::compareFwbFiles(QString expected_result_file_name,
for (int i=0; i < max_idx; ++i)
{
QString err = QString("Line %1:\nExpected: '%2'\nResult: '%3'\n")
.arg(i).arg(expected_result[i]).arg(obtained_result[i]);
CPPUNIT_ASSERT_MESSAGE(err.toStdString(), obtained_result[i] == expected_result[i]);
QString err = QString("%1:%2:\nExpected: '%3'\nResult: '%4'\n")
.arg(expected_result_file_name)
.arg(i)
.arg(expected_result[i])
.arg(obtained_result[i]);
CPPUNIT_ASSERT_MESSAGE(
err.toStdString(), obtained_result[i] == expected_result[i]);
}
}
@ -193,17 +233,14 @@ void ImporterTest::IOSImporterTest()
Importer* imp = new IOSImporter(lib, instream, logger, "test_fw");
CPPUNIT_ASSERT_NO_THROW( imp->run() );
//imp->run();
imp->finalize();
db->setPredictableIds();
db->saveFile("ios.fwb");
db->saveFile("ios_res.fwb");
compareFwbFiles("test_data/ios.fwb", "ios_res.fwb");
compareResults(logger, "test_data/ios.result", "ios.output");
compareFwbFiles("test_data/ios.fwb", "ios.fwb");
compareResults(logger, "test_data/ios.output", "ios.output");
}
void ImporterTest::IPTImporterTest()
@ -221,15 +258,82 @@ void ImporterTest::IPTImporterTest()
Importer* imp = new IPTImporter(lib, instream, logger, "test_fw");
CPPUNIT_ASSERT_NO_THROW( imp->run() );
//imp->run();
imp->finalize();
db->setPredictableIds();
db->saveFile("ipt.fwb");
db->saveFile("ipt_res.fwb");
compareFwbFiles("test_data/ipt.fwb", "ipt_res.fwb");
compareResults(logger, "test_data/ipt.result", "ipt.output");
compareFwbFiles("test_data/ipt.fwb", "ipt.fwb");
compareResults(logger, "test_data/ipt.output", "ipt.output");
}
void ImporterTest::IPTImporterNoNatTest()
{
platform = "iptables";
QFile f("test_data/ipt-no-nat.test");
f.open(QFile::ReadOnly);
string buffer = QString(f.readAll()).toStdString();
f.close();
std::istringstream instream(buffer);
Importer* imp = new IPTImporter(lib, instream, logger, "test_fw");
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
db->setPredictableIds();
db->saveFile("ipt-no-nat.fwb");
compareFwbFiles("test_data/ipt-no-nat.fwb", "ipt-no-nat.fwb");
compareResults(logger, "test_data/ipt-no-nat.output", "ipt-no-nat.output");
}
void ImporterTest::IPTImporterParseVersionsTest()
{
platform = "iptables";
QString iptables_save_file(iptables_sample);
QStringList versions;
versions << "v1.1.1" << "v1.1.1.1"
<< "v12.1.1" << "v12.1.1.1"
<< "v1.12.1" << "v1.12.1.1"
<< "v1.1.12" << "v1.1.12.1"
<< "v1.1.1.12" << "v1.2.1a";
foreach (QString v, versions)
{
QString file_name = QString("ipt-%1").arg(v);
QString actual_iptables_save = iptables_save_file;
actual_iptables_save.replace("%VERSION%", v);
std::istringstream instream(actual_iptables_save.toStdString());
Importer* imp = new IPTImporter(lib, instream, logger, "test_fw");
CPPUNIT_ASSERT_NO_THROW( imp->run() );
imp->finalize();
// db->setPredictableIds();
// db->saveFile(file_name.toStdString() + ".fwb");
//
// no need to compare .fwb files, we do not recognize these
// test version numbers anyway so version will be set to "any"
// in all tests anyway
//
// compareFwbFiles(QString("test_data/%1.fwb").arg(file_name),
// QString("%1.fwb").arg(file_name));
compareResults(logger,
QString("test_data/%1.output").arg(file_name),
QString("%1.output").arg(file_name));
}
}

9
src/unit_tests/ImporterTest/ImporterTest.h
View File

@ -6,8 +6,6 @@
Author: Roman Bovsunivskiy a2k0001@gmail.com
$Id$
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
@ -57,10 +55,15 @@ public:
void setUp();
void IOSImporterTest();
void IPTImporterTest();
void IPTImporterNoNatTest();
void IPTImporterParseVersionsTest();
CPPUNIT_TEST_SUITE(ImporterTest);
CPPUNIT_TEST(IOSImporterTest);
CPPUNIT_TEST(IPTImporterTest);
CPPUNIT_TEST(IPTImporterNoNatTest);
CPPUNIT_TEST(IPTImporterParseVersionsTest);
CPPUNIT_TEST_SUITE_END();
};

10
src/unit_tests/ImporterTest/main_ImporterTest.cpp
View File

@ -28,6 +28,11 @@
#include "ImporterTest.h"
#include "fwbuilder/Resources.h"
#include "FWWindow.h"
#include "FWBSettings.h"
#include "FWBApplication.h"
#include "UserWorkflow.h"
#include <QApplication>
#include <QString>
#include <string>
@ -36,6 +41,11 @@
int fwbdebug = 0;
//QString user_name;
FWWindow *mw = NULL;
FWBSettings *st = NULL;
FWBApplication *app = NULL;
UserWorkflow *wfl;
int sig = FWB_SIG;
std::string platform;
int main(int argc, char** argv)

0
src/unit_tests/ImporterTest/test_data/ios.result → src/unit_tests/ImporterTest/test_data/ios.output
View File

814
src/unit_tests/ImporterTest/test_data/ipt-no-nat.fwb Normal file
View File

@ -0,0 +1,814 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302570885" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<ObjectGroup id="stdid01" name="Objects" comment="" ro="False">
<ObjectGroup id="stdid16" name="Addresses" comment="" ro="False">
<IPv4 id="id2001X88798" name="all-hosts" comment="" ro="False" address="224.0.0.1" netmask="0.0.0.0"/>
<IPv4 id="id2002X88798" name="all-routers" comment="" ro="False" address="224.0.0.2" netmask="0.0.0.0"/>
<IPv4 id="id2003X88798" name="all DVMRP" comment="" ro="False" address="224.0.0.4" netmask="0.0.0.0"/>
<IPv4 id="id2117X88798" name="OSPF (all routers)" comment="RFC2328" ro="False" address="224.0.0.5" netmask="0.0.0.0"/>
<IPv4 id="id2128X88798" name="OSPF (designated routers)" comment="RFC2328" ro="False" address="224.0.0.6" netmask="0.0.0.0"/>
<IPv4 id="id2430X88798" name="RIP" comment="RFC1723" ro="False" address="224.0.0.9" netmask="0.0.0.0"/>
<IPv4 id="id2439X88798" name="EIGRP" comment="" ro="False" address="224.0.0.10" netmask="0.0.0.0"/>
<IPv4 id="id2446X88798" name="DHCP server, relay agent" comment="RFC 1884" ro="False" address="224.0.0.12" netmask="0.0.0.0"/>
<IPv4 id="id2455X88798" name="PIM" comment="" ro="False" address="224.0.0.13" netmask="0.0.0.0"/>
<IPv4 id="id2462X88798" name="RSVP" comment="" ro="False" address="224.0.0.14" netmask="0.0.0.0"/>
<IPv4 id="id2469X88798" name="VRRP" comment="RFC3768" ro="False" address="224.0.0.18" netmask="0.0.0.0"/>
<IPv4 id="id2777X88798" name="IGMP" comment="" ro="False" address="224.0.0.22" netmask="0.0.0.0"/>
<IPv4 id="id2784X88798" name="OSPFIGP-TE" comment="RFC4973" ro="False" address="224.0.0.24" netmask="0.0.0.0"/>
<IPv4 id="id3094X88798" name="HSRP" comment="" ro="False" address="224.0.0.102" netmask="0.0.0.0"/>
<IPv4 id="id3403X88798" name="mDNS" comment="" ro="False" address="224.0.0.251" netmask="0.0.0.0"/>
<IPv4 id="id3410X88798" name="LLMNR" comment="Link-Local Multicast Name Resolution, RFC4795" ro="False" address="224.0.0.252" netmask="0.0.0.0"/>
<IPv4 id="id3411X88798" name="Teredo" comment="" ro="False" address="224.0.0.253" netmask="0.0.0.0"/>
</ObjectGroup>
<ObjectGroup id="stdid17" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="stdid18" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="stdid04" name="Groups" comment="" ro="False">
<ObjectGroup id="id3DC75CE8" name="rfc1918-nets" comment="" ro="False">
<ObjectRef ref="id3DC75CE5"/>
<ObjectRef ref="id3DC75CE6"/>
<ObjectRef ref="id3DC75CE7"/>
</ObjectGroup>
<ObjectGroup id="id3292X75851" name="ipv6 private" comment="These are various ipv6 networks that should not be routed on the Internet&#10;" ro="False">
<ObjectRef ref="id2088X75851"/>
<ObjectRef ref="id2986X75851"/>
<ObjectRef ref="id2383X75851"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02" name="Hosts" comment="" ro="False">
<Host id="id3D84EECE" name="internal server" comment="This host is used in examples and template objects" ro="False">
<Interface id="id3D84EED2" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D84EED3" name="ip" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host id="id3D84EECF" name="server on dmz" comment="This host is used in examples and template objects" ro="False">
<Interface id="id3D84EEE3" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D84EEE4" name="ip" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
<ObjectGroup id="stdid03" name="Networks" comment="" ro="False">
<Network id="id3DC75CEC" name="all multicasts" comment="224.0.0.0/4 - This block, formerly known as the Class D address&#10;space, is allocated for use in IPv4 multicast address assignments.&#10;The IANA guidelines for assignments from this space are described in&#10;[RFC3171].&#10;" ro="False" address="224.0.0.0" netmask="240.0.0.0"/>
<Network id="id3F4ECE3E" name="link-local" comment="169.254.0.0/16 - This is the &quot;link local&quot; block. It is allocated for&#10;communication between hosts on a single link. Hosts obtain these&#10;addresses by auto-configuration, such as when a DHCP server may not&#10;be found.&#10;" ro="False" address="169.254.0.0" netmask="255.255.0.0"/>
<Network id="id3F4ECE3D" name="loopback-net" comment="127.0.0.0/8 - This block is assigned for use as the Internet host&#10;loopback address. A datagram sent by a higher level protocol to an&#10;address anywhere within this block should loop back inside the host.&#10;This is ordinarily implemented using only 127.0.0.1/32 for loopback,&#10;but no addresses within this block should ever appear on any network&#10;anywhere [RFC1700, page 5].&#10;" ro="False" address="127.0.0.0" netmask="255.0.0.0"/>
<Network id="id3DC75CE5" name="net-10.0.0.0" comment="10.0.0.0/8 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918]. Addresses within this&#10;block should not appear on the public Internet." ro="False" address="10.0.0.0" netmask="255.0.0.0"/>
<Network id="id3DC75CE7" name="net-172.16.0.0" comment="172.16.0.0/12 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918]. Addresses within this&#10;block should not appear on the public Internet.&#10;" ro="False" address="172.16.0.0" netmask="255.240.0.0"/>
<Network id="id3DC75CE6" name="net-192.168.0.0" comment="192.168.0.0/16 - This block is set aside for use in private networks.&#10;Its intended use is documented in [RFC1918]. Addresses within this&#10;block should not appear on the public Internet.&#10;" ro="False" address="192.168.0.0" netmask="255.255.0.0"/>
<Network id="id3F4ECE3F" name="test-net" comment="192.0.2.0/24 - This block is assigned as &quot;TEST-NET&quot; for use in&#10;documentation and example code. It is often used in conjunction with&#10;domain names example.com or example.net in vendor and protocol&#10;documentation. Addresses within this block should not appear on the&#10;public Internet.&#10;" ro="False" address="192.0.2.0" netmask="255.255.255.0"/>
<Network id="id3F4ECE40" name="this-net" comment="0.0.0.0/8 - Addresses in this block refer to source hosts on &quot;this&quot;&#10;network. Address 0.0.0.0/32 may be used as a source address for this&#10;host on this network; other addresses within 0.0.0.0/8 may be used to&#10;refer to specified hosts on this network [RFC1700, page 4]." ro="False" address="0.0.0.0" netmask="255.0.0.0"/>
<Network id="id3DC75CE7-1" name="net-192.168.1.0" comment="192.168.1.0/24 - Address often used for home and small office networks.&#10;" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id3DC75CE7-2" name="net-192.168.2.0" comment="192.168.2.0/24 - Address often used for home and small office networks.&#10;" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<NetworkIPv6 id="id2088X75851" name="documentation net" comment="RFC3849" ro="False" address="2001:db8::" netmask="32"/>
<NetworkIPv6 id="id2383X75851" name="link-local ipv6" comment="RFC4291 Link-local unicast net" ro="False" address="fe80::" netmask="10"/>
<NetworkIPv6 id="id2685X75851" name="multicast ipv6" comment="RFC4291 ipv6 multicast addresses" ro="False" address="ff00::" netmask="8"/>
<NetworkIPv6 id="id2986X75851" name="experimental ipv6" comment="RFC2928, RFC4773 &#10;&#10;&quot;The block of Sub-TLA IDs assigned to the IANA&#10;(i.e., 2001:0000::/29 - 2001:01F8::/29) is for&#10;assignment for testing and experimental usage to&#10;support activities such as the 6bone, and&#10;for new approaches like exchanges.&quot; [RFC2928]&#10;&#10;" ro="False" address="2001::" netmask="23"/>
</ObjectGroup>
<ObjectGroup id="stdid15" name="Address Ranges" comment="" ro="False">
<AddressRange id="id3F6D115C" name="broadcast" comment="" ro="False" start_address="255.255.255.255" end_address="255.255.255.255"/>
<AddressRange id="id3F6D115D" name="old-broadcast" comment="" ro="False" start_address="0.0.0.0" end_address="0.0.0.0"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
</CustomService>
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
</CustomService>
<ServiceGroup id="stdid10" name="Groups" comment="" ro="False">
<ServiceGroup id="sg-DHCP" name="DHCP" comment="" ro="False">
<ServiceRef ref="udp-bootpc"/>
<ServiceRef ref="udp-bootps"/>
</ServiceGroup>
<ServiceGroup id="id3F530CC8" name="DNS" comment="" ro="False">
<ServiceRef ref="udp-DNS"/>
<ServiceRef ref="tcp-DNS"/>
</ServiceGroup>
<ServiceGroup id="id3CB1279B" name="IPSEC" comment="" ro="False">
<ServiceRef ref="id3CB12797"/>
<ServiceRef ref="ip-IPSEC"/>
</ServiceGroup>
<ServiceGroup id="sg-NETBIOS" name="NETBIOS" comment="" ro="False">
<ServiceRef ref="udp-netbios-dgm"/>
<ServiceRef ref="udp-netbios-ns"/>
<ServiceRef ref="id3E755609"/>
</ServiceGroup>
<ServiceGroup id="id3CB131CC" name="PCAnywhere" comment="" ro="False">
<ServiceRef ref="id3CB131CA"/>
<ServiceRef ref="id3CB131C8"/>
</ServiceGroup>
<ServiceGroup id="sg-Useful_ICMP" name="Useful_ICMP" comment="" ro="False">
<ServiceRef ref="icmp-Time_exceeded"/>
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
<ServiceRef ref="icmp-ping_reply"/>
<ServiceRef ref="icmp-Unreachables"/>
</ServiceGroup>
<ServiceGroup id="id1569X4889" name="Ipv6 unreachable messages" comment="" ro="False">
<ServiceRef ref="idE0D27650"/>
<ServiceRef ref="idCFE27650"/>
<ServiceRef ref="idE0B27650"/>
<ServiceRef ref="id1519Z388"/>
</ServiceGroup>
<ServiceGroup id="id3B4FEDD9" name="kerberos" comment="" ro="False">
<ServiceRef ref="id3B4FEDA5"/>
<ServiceRef ref="id3B4FEDA9"/>
<ServiceRef ref="id3B4FEDA7"/>
<ServiceRef ref="id3B4FEDAB"/>
<ServiceRef ref="id3B4FEDA3"/>
<ServiceRef ref="id3B4FEE21"/>
<ServiceRef ref="id3B4FEE23"/>
<ServiceRef ref="id3E7E3EA2"/>
</ServiceGroup>
<ServiceGroup id="id3B4FF35E" name="nfs" comment="" ro="False">
<ServiceRef ref="id3B4FEE7A"/>
<ServiceRef ref="id3B4FEE78"/>
</ServiceGroup>
<ServiceGroup id="id3B4FEFFA" name="quake" comment="" ro="False">
<ServiceRef ref="id3B4FEF7C"/>
<ServiceRef ref="id3B4FEF7E"/>
</ServiceGroup>
<ServiceGroup id="id3D703C9A" name="Real Player" comment="" ro="False">
<ServiceRef ref="id3D703C99"/>
<ServiceRef ref="id3D703C8B"/>
</ServiceGroup>
<ServiceGroup id="id3E7E3E95" name="WinNT" comment="" ro="False">
<ServiceRef ref="sg-NETBIOS"/>
<ServiceRef ref="id3DC8C8BB"/>
<ServiceRef ref="id3E7E3D58"/>
</ServiceGroup>
<ServiceGroup id="id3E7E3E9A" name="Win2000" comment="" ro="False">
<ServiceRef ref="id3E7E3E95"/>
<ServiceRef ref="udp-DNS"/>
<ServiceRef ref="id3DC8C8BC"/>
<ServiceRef ref="id3E7E3EA2"/>
<ServiceRef ref="id3AECF778"/>
<ServiceRef ref="id3D703C90"/>
<ServiceRef ref="id3E7E4039"/>
<ServiceRef ref="id3E7E403A"/>
<ServiceRef ref="id3B4FEDA5"/>
<ServiceRef ref="tcp-DNS"/>
</ServiceGroup>
<ServiceGroup id="id41291786" name="UPnP" comment="" ro="False">
<ServiceRef ref="id41291784"/>
<ServiceRef ref="id41291785"/>
<ServiceRef ref="id41291783"/>
<ServiceRef ref="id412Z18A9"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid07" name="ICMP" comment="" ro="False">
<ICMPService id="icmp-Unreachables" code="-1" type="3" name="all ICMP unreachables" comment="" ro="False"/>
<ICMPService id="id3C20EEB5" code="-1" type="-1" name="any ICMP" comment="" ro="False"/>
<ICMPService id="icmp-Host_unreach" code="1" type="3" name="host_unreach" comment="" ro="False"/>
<ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
<ICMPService id="icmp-ping_request" code="0" type="8" name="ping request" comment="" ro="False"/>
<ICMPService id="icmp-Port_unreach" code="3" type="3" name="port unreach" comment="Port unreachable" ro="False"/>
<ICMPService id="icmp-Time_exceeded" code="0" type="11" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" ro="False"/>
<ICMPService id="icmp-Time_exceeded_in_transit" code="1" type="11" name="time exceeded in transit" comment="" ro="False"/>
<ICMP6Service id="ipv6-icmp-ping_request" code="0" type="128" name="ipv6 ping request" comment="IPv6 ping request" ro="False"/>
<ICMP6Service id="ipv6-icmp-ping_reply" code="0" type="129" name="ipv6 ping reply" comment="IPv6 ping reply" ro="False"/>
<ICMP6Service id="ipv6-icmp-routersol" code="0" type="133" name="ipv6 routersol" comment="IPv6 router solicitation" ro="False"/>
<ICMP6Service id="ipv6-icmp-routeradv" code="0" type="134" name="ipv6 routeradv" comment="IPv6 router advertisement" ro="False"/>
<ICMP6Service id="ipv6-icmp-neighbrsol" code="0" type="135" name="ipv6 neighbrsol" comment="IPv6 neighbor solicitation" ro="False"/>
<ICMP6Service id="ipv6-icmp-neighbradv" code="0" type="136" name="ipv6 neighbradv" comment="IPv6 neighbor advertisement" ro="False"/>
<ICMP6Service id="ipv6-icmp-redir" code="0" type="137" name="ipv6 redir" comment="IPv6 redirect: shorter route exists" ro="False"/>
<ICMP6Service id="id1519Z388" code="-1" type="4" name="ipv6 parameter problem" comment="IPv6 Parameter Problem: RFC4443" ro="False"/>
<ICMP6Service id="idCFE27650" code="0" type="3" name="ipv6 time exceeded" comment="Time exceeded in transit" ro="False"/>
<ICMP6Service id="idCFF27650" code="1" type="3" name="ipv6 time exceeded in reassembly" comment="Time exceeded in reassembly" ro="False"/>
<ICMP6Service id="idE0B27650" code="-1" type="2" name="ipv6 packet too big" comment="" ro="False"/>
<ICMP6Service id="idE0D27650" code="-1" type="1" name="ipv6 all dest unreachable" comment="All icmpv6 codes for type &quot;destination unreachable&quot;&#10;" ro="False"/>
<ICMP6Service id="idCFE27660" code="-1" type="-1" name="ipv6 any ICMP6" comment="any ICMPv6" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid06" name="IP" comment="" ro="False">
<IPService id="id3CB12797" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False" name="AH" comment="IPSEC Authentication Header Protocol" ro="False"/>
<IPService id="ip-IPSEC" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" ro="False"/>
<IPService id="ip-RR" fragm="False" lsrr="False" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False" name="RR" comment="Route recording packets" ro="False"/>
<IPService id="ip-SRR" fragm="False" lsrr="True" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False" name="SRR" comment="All sorts of Source Routing Packets" ro="False"/>
<IPService id="ip-IP_Fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False" name="ip_fragments" comment="'Short' fragments" ro="False"/>
<IPService id="id3D703C8E" fragm="False" lsrr="False" protocol_num="57" rr="False" short_fragm="False" ssrr="False" ts="False" name="SKIP" comment="IPSEC Simple Key Management for Internet Protocols" ro="False"/>
<IPService id="id3D703C8F" fragm="False" lsrr="False" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False" name="GRE" comment="Generic Routing Encapsulation&#10;" ro="False"/>
<IPService id="id3D703C95" fragm="False" lsrr="False" protocol_num="112" rr="False" short_fragm="False" ssrr="False" ts="False" name="vrrp" comment="Virtual Router Redundancy Protocol" ro="False"/>
<IPService id="ip-IGMP" fragm="False" lsrr="False" protocol_num="2" rr="False" rtralt="True" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="IGMP" comment="Internet Group Management Protocol, Version 3, RFC 3376" ro="False"/>
<IPService id="ip-PIM" fragm="False" lsrr="False" protocol_num="103" rr="False" rtralt="False" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="PIM" comment="Protocol Independent Multicast - Dense Mode (PIM-DM), RFC 3973, or Protocol Independent Multicast-Sparse Mode (PIM-SM) RFC 2362" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
<TCPService id="tcp-ALL_TCP_Masqueraded" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ALL TCP Masqueraded" comment="ipchains used to use this range of port numbers for masquerading. " ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3D703C94" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="AOL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5190" dst_range_end="5190"/>
<TCPService id="tcp-All_TCP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3CB131C4" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Citrix-ICA" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1494" dst_range_end="1494"/>
<TCPService id="id3D703C91" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-Admin" comment="Entrust CA Administration Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="709" dst_range_end="709"/>
<TCPService id="id3D703C92" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-KeyMgmt" comment="Entrust CA Key Management Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="710" dst_range_end="710"/>
<TCPService id="id3AEDBEAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="H323" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
<TCPService id="id412Z18A9" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="icslap" comment="Sometimes this protocol is called icslap, but Microsoft does not call it that and just says that DSPP uses port 2869 in Windows XP SP2" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2869" dst_range_end="2869"/>
<TCPService id="id3E7E4039" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3268" dst_range_end="3268"/>
<TCPService id="id3E7E403A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC SSL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3269" dst_range_end="3269"/>
<TCPService id="id3D703C83" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="OpenWindows" comment="Open Windows" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2000" dst_range_end="2000"/>
<TCPService id="id3CB131C8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="PCAnywhere-data" comment="data channel for PCAnywhere v7.52 and later " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5631" dst_range_end="5631"/>
<TCPService id="id3D703C8B" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Real-Audio" comment="RealNetworks PNA Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7070" dst_range_end="7070"/>
<TCPService id="id3D703C93" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="RealSecure" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2998" dst_range_end="2998"/>
<TCPService id="id3DC8C8BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="SMB" comment="SMB over TCP (without NETBIOS)&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="445" dst_range_end="445"/>
<TCPService id="id3D703C8D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TACACSplus" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="49" dst_range_end="49"/>
<TCPService id="id3D703C84" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TCP high ports" comment="TCP high ports" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id3E7E3D58" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="WINS replication" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="42" dst_range_end="42"/>
<TCPService id="id3D703C82" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="X11" comment="X Window System" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6000" dst_range_end="6063"/>
<TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="tcp-DNS" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id3AECF774" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="finger" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="79" dst_range_end="79"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="tcp-FTP_data" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data" comment="FTP data channel.&#10; Note: FTP protocol does not really require server to use source port 20 for the data channel, &#10; but many ftp server implementations do so." ro="False" src_range_start="20" src_range_end="20" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id3E7553BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data passive" comment="FTP data channel for passive mode transfers&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="20" dst_range_end="20"/>
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
<TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
<TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
<TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3E7E3EA2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
<TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
<TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
<TCPService id="id3D703C90" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldaps" comment="Lightweight Directory Access Protocol over TLS/SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="636" dst_range_end="636"/>
<TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
<TCPService id="id3D703C97" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="lpr" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3DC8C8BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<TCPService id="id3D703C98" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ms-sql" comment="Microsoft SQL Server" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1433" dst_range_end="1433"/>
<TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
<TCPService id="id3E755609" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="id3E7553BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntps" comment="NNTP over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="563" dst_range_end="563"/>
<TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
<TCPService id="id3E7553BA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3s" comment="POP-3 over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="995" dst_range_end="995"/>
<TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
<TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
<TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<TCPService id="id3D703C99" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtsp" comment="Real Time Streaming Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="554" dst_range_end="554"/>
<TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
<TCPService id="id3D703C89" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="securidprop" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5510" dst_range_end="5510"/>
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
<TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
<TCPService id="id3D703C87" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sqlnet1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1521" dst_range_end="1521"/>
<TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id3CB131C6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="winterm" comment="Windows Terminal Services" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3389" dst_range_end="3389"/>
<TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
<TCPService id="id3C685B2B" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan - full" comment="This service object matches TCP packet with all six flags set." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id4127E949" ack_flag="False" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="False" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan" comment="This service object matches TCP packet with flags FIN, PSH and URG set and other flags cleared. This is a &quot;christmas scan&quot; as defined in snort rules. Nmap can generate this scan, too." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id4127EA72" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<TCPService id="id4127EBAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="distcc" comment="distributed compiler" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3632" dst_range_end="3632"/>
<TCPService id="id4127ECF1" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvspserver" comment="CVS client/server operations" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2401" dst_range_end="2401"/>
<TCPService id="id4127ECF2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvsup" comment="CVSup file transfer/John Polstra/FreeBSD" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5999" dst_range_end="5999"/>
<TCPService id="id4127ED5E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="afp" comment="AFP (Apple file sharing) over TCP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="548" dst_range_end="548"/>
<TCPService id="id4127EDF6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="whois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="43" dst_range_end="43"/>
<TCPService id="id4127F04F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="bgp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="179" dst_range_end="179"/>
<TCPService id="id4127F146" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius" comment="Radius protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1812" dst_range_end="1812"/>
<TCPService id="id4127F147" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius acct" comment="Radius Accounting" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1813" dst_range_end="1813"/>
<TCPService id="id41291784" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5000" dst_range_end="5000"/>
<TCPService id="id41291785" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp-5431" comment="Although UPnP specification say it should use TCP port 5000, Linksys running Sveasoft firmware listens on port 5431" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5431" dst_range_end="5431"/>
<TCPService id="id41291787" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-0" comment="Java VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5800" dst_range_end="5800"/>
<TCPService id="id41291788" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-0" comment="Regular VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5900" dst_range_end="5900"/>
<TCPService id="id41291887" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-1" comment="Java VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5801" dst_range_end="5801"/>
<TCPService id="id41291888" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-1" comment="Regular VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5901" dst_range_end="5901"/>
<TCPService id="id463FE5FE11008" ack_flag="False" ack_flag_mask="False" established="True" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP established" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called &quot;established&quot;.&#10;&#10;Note that you can use this object only in the policy rules of the firewall that supports this option.&#10;&#10;If you need to match reply packets for a specific TCP service and wish to use option &quot;established&quot;, make a copy of this object and set source port range to match the service.&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id1577X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtmp" comment="Real Time Messaging Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1935" dst_range_end="1935"/>
<TCPService id="id1590X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5222" dst_range_end="5222"/>
<TCPService id="id1609X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5269" dst_range_end="5269"/>
<TCPService id="id1622X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5223" dst_range_end="5223"/>
<TCPService id="id1631X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5270" dst_range_end="5270"/>
<TCPService id="id1644X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nrpe" comment="NRPE add-on for Nagios http://www.nagios.org/&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5666" dst_range_end="5666"/>
</ServiceGroup>
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
<UDPService id="udp-ALL_UDP_Masqueraded" name="ALL UDP Masqueraded" comment="ipchains used to use this port range for masqueraded packets" ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
<UDPService id="udp-All_UDP" name="All UDP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<UDPService id="id3D703C96" name="ICQ" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
<UDPService id="id3CB129D2" name="IKE" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
<UDPService id="id3CB131CA" name="PCAnywhere-status" comment="status channel for PCAnywhere v7.52 and later" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5632" dst_range_end="5632"/>
<UDPService id="id3AED0D6B" name="RIP" comment="routing protocol RIP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="520" dst_range_end="520"/>
<UDPService id="id3D703C8C" name="Radius" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1645" dst_range_end="1645"/>
<UDPService id="id3D703C85" name="UDP high ports" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<UDPService id="id3D703C86" name="Who" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<UDPService id="id3B4FEDA1" name="afs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7000" dst_range_end="7009"/>
<UDPService id="udp-bootpc" name="bootpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
<UDPService id="udp-bootps" name="bootps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="67" dst_range_end="67"/>
<UDPService id="id3AEDBE70" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<UDPService id="udp-DNS" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<UDPService id="id3D703C8A" name="interphone" comment="VocalTec Internet Phone" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22555" dst_range_end="22555"/>
<UDPService id="id3B4FEDA5" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<UDPService id="id3B4FEDA9" name="kerberos-adm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="749" dst_range_end="750"/>
<UDPService id="id3B4FEDA7" name="kpasswd" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="464" dst_range_end="464"/>
<UDPService id="id3B4FEDAB" name="krb524" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4444" dst_range_end="4444"/>
<UDPService id="id3F865B0D" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<UDPService id="udp-netbios-dgm" name="netbios-dgm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="138" dst_range_end="138"/>
<UDPService id="udp-netbios-ns" name="netbios-ns" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="137" dst_range_end="137"/>
<UDPService id="udp-netbios-ssn" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<UDPService id="id3B4FEE78" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<UDPService id="udp-ntp" name="ntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="123" dst_range_end="123"/>
<UDPService id="id3B4FEF7E" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<UDPService id="id3D703C88" name="secureid-udp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="1024"/>
<UDPService id="udp-SNMP" name="snmp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
<UDPService id="id3AED0D69" name="snmp-trap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="162" dst_range_end="162"/>
<UDPService id="id3AEDBE19" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<UDPService id="id3AECF780" name="syslog" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<UDPService id="id3AED0D67" name="tftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="69" dst_range_end="69"/>
<UDPService id="id3AED0D8C" name="traceroute" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="33434" dst_range_end="33524"/>
<UDPService id="id4127EA73" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<UDPService id="id41291783" name="SSDP" comment="Simple Service Discovery Protocol (used for UPnP)" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1900" dst_range_end="1900"/>
<UDPService id="id41291883" name="OpenVPN" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1194" dst_range_end="1194"/>
</ServiceGroup>
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC.&#10;Works on iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/&#10;" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic &#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic.&#10;For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="stdid20" name="UserServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12" name="Firewalls" comment="" ro="False"/>
<ObjectGroup id="stdid21" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="stdid11" name="Time" comment="" ro="False">
<Interval id="int-workhours" days_of_week="1,2,3,4,5" from_day="-1" from_hour="9" from_minute="0" from_month="-1" from_weekday="1" from_year="-1" to_day="-1" to_hour="17" to_minute="0" to_month="-1" to_weekday="5" to_year="-1" name="workhours" comment="any day, 9:00am through 5:00pm" ro="False"/>
<Interval id="int-weekends" days_of_week="6,0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="weekends" comment="weekends: Saturday 0:00 through Sunday 23:59 " ro="False"/>
<Interval id="int-afterhours" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="18" from_minute="0" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="-1" to_year="-1" name="afterhours" comment="any day 6:00pm - 12:00am" ro="False"/>
<Interval id="id3C63479C" days_of_week="6" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="6" to_year="-1" name="Sat" comment="" ro="False"/>
<Interval id="id3C63479E" days_of_week="0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="0" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="Sun" comment="" ro="False"/>
</IntervalGroup>
</Library>
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
<Library id="id0" name="User" comment="" ro="False">
<ObjectGroup id="id1" name="Objects" comment="" ro="False">
<ObjectGroup id="id2" name="Addresses" comment="" ro="False">
<IPv4 id="id3" name="h-224.0.0.251" comment="Created during import of line 13" ro="False" address="224.0.0.251" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id4" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id5" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id6" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id7" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id8" name="Networks" comment="" ro="False"/>
<ObjectGroup id="id9" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id10" name="Services" comment="" ro="False">
<ServiceGroup id="id11" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id12" name="ICMP" comment="" ro="False">
<ICMPService id="id13" code="-1" type="-1" name="icmp -1/-1" comment="Created during import of line 10" ro="False"/>
</ServiceGroup>
<ServiceGroup id="id14" name="IP" comment="" ro="False">
<IPService id="id15" any_opt="False" dscp="" fragm="False" lsrr="False" protocol_num="50" rr="False" rtralt="False" rtralt_value="False" short_fragm="False" ssrr="False" tos="" ts="False" name="ip-50" comment="Created during import of line 11" ro="False"/>
<IPService id="id16" any_opt="False" dscp="" fragm="False" lsrr="False" protocol_num="51" rr="False" rtralt="False" rtralt_value="False" short_fragm="False" ssrr="False" tos="" ts="False" name="ip-51" comment="Created during import of line 12" ro="False"/>
</ServiceGroup>
<ServiceGroup id="id17" name="TCP" comment="" ro="False">
<TCPService id="id18" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 631:631" comment="Created during import of line 15" ro="False" src_range_start="0" src_range_end="0" dst_range_start="631" dst_range_end="631"/>
<TCPService id="id19" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 17" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
</ServiceGroup>
<ServiceGroup id="id20" name="UDP" comment="" ro="False">
<UDPService id="id21" name="udp 0:0 / 5353:5353" comment="Created during import of line 13" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5353" dst_range_end="5353"/>
<UDPService id="id22" name="udp 0:0 / 631:631" comment="Created during import of line 14" ro="False" src_range_start="0" src_range_end="0" dst_range_start="631" dst_range_end="631"/>
</ServiceGroup>
<ServiceGroup id="id23" name="Users" comment="" ro="False"/>
<ServiceGroup id="id24" name="Custom" comment="" ro="False"/>
<ServiceGroup id="id25" name="TagServices" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id26" name="Firewalls" comment="" ro="False">
<Firewall id="id27" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="1.3.0" name="test_fw" comment="Created during import of line 3" ro="False">
<NAT id="id91" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id29" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id31" disabled="False" group="" log="False" position="0" action="Branch" direction="Both" comment="Chain INPUT. &#10;Created during import of line 7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id27"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id95</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43" disabled="False" group="" log="False" position="1" action="Branch" direction="Both" comment="Chain FORWARD. &#10;Created during import of line 8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id95</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id55" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="Default iptables policy in filter/FORWARD">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id67" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Default iptables policy in filter/INPUT">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id27"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id79" disabled="False" group="" log="False" position="4" action="Accept" direction="Outbound" comment="Default iptables policy in filter/OUTPUT">
<Src neg="False">
<ObjectRef ref="id27"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id95" name="RH-Firewall-1-INPUT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id97" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 9">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id217"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id109" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 10">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id13"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id121" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 11">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id15"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id133" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 12">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id16"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id145" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 13">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id21"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id157" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 14">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id22"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id169" disabled="False" group="" log="False" position="6" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 15">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id18"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id181" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 16">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="stdid14_1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id193" disabled="False" group="" log="False" position="8" action="Accept" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 17">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id19"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id205" disabled="False" group="" log="False" position="9" action="Reject" direction="Both" comment="Chain RH-Firewall-1-INPUT. &#10;Created during import of line 18">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id93" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id217" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="lo" comment="Created during import of line 9" ro="False"/>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="check_shading">true</Option>
<Option name="configure_interfaces">true</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id218" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id219" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

14
src/unit_tests/ImporterTest/test_data/ipt-no-nat.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.3.5
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / RH-Firewall-1-INPUT
6: Default action: Deny
9: New interface: lo
16: Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking.
18: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
18: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
18: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

21
src/unit_tests/ImporterTest/test_data/ipt-no-nat.test Normal file
View File

@ -0,0 +1,21 @@
# Generated by iptables-save v1.3.5 on Mon Apr 11 15:46:04 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1593531:5659620982]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Apr 11 15:46:04 2011

14
src/unit_tests/ImporterTest/test_data/ipt-v1.1.1.1.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.1.1.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v1.1.1.12.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.1.1.12
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v1.1.1.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.1.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v1.1.12.1.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.1.12.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v1.1.12.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.1.12
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v1.12.1.1.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.12.1.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v1.12.1.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.12.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v1.2.1a.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 1.2.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v12.1.1.1.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 12.1.1.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

14
src/unit_tests/ImporterTest/test_data/ipt-v12.1.1.output Normal file
View File

@ -0,0 +1,14 @@
1: Version: 12.1.1
3: New ruleset: filter / INPUT
3: Default action: Accept
4: New ruleset: filter / FORWARD
4: Default action: Accept
5: New ruleset: filter / OUTPUT
5: Default action: Accept
6: New ruleset: filter / CHAIN-1-INPUT
6: Default action: Deny
Could not find enough information in the data file to create firewall interface objects.
9: Warning: Line 4: Added rule to reproduce default policy ACCEPT in filter/FORWARD
9: Warning: Line 3: Added rule to reproduce default policy ACCEPT in filter/INPUT
9: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT

4
src/unit_tests/ImporterTest/test_data/ipt.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302063030" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302569896" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -610,7 +610,7 @@
</ServiceGroup>
</ServiceGroup>
<ObjectGroup id="id153" name="Firewalls" comment="" ro="False">
<Firewall id="id154" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="" name="test_fw" comment="Created during import of line 3" ro="False">
<Firewall id="id154" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="ge_1.2.6" name="test_fw" comment="Created during import of line 3" ro="False">
<NAT id="id686" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id688" disabled="False" group="" position="0" action="Translate" comment="Created during import of line 257">
<OSrc neg="False">

1
src/unit_tests/ImporterTest/test_data/ipt.result → src/unit_tests/ImporterTest/test_data/ipt.output
View File

@ -1,3 +1,4 @@
1: Version: 1.2.1
3: New ruleset: filter / INPUT
3: Default action: Deny
4: New ruleset: filter / FORWARD

231
src/unit_tests/ImporterTest/test_data/pix7-nat.test
View File

@ -1,231 +0,0 @@
: Saved
:
PIX Version 7.2(1)
!
terminal width 511
hostname pix1
domain-name some-domain.org
enable password XXXXXXXXXXXXXXXX encrypted
names
name 1.2.3.4 gw
name 192.168.3.0 fake_network
name 192.168.4.1 inside_ip
!
dns-guard
!
interface Ethernet0
no nameif
no security-level
no ip address
!
interface Ethernet0.101
vlan 101
nameif outside
security-level 0
ip address 192.0.2.253 255.255.255.0
!
interface Ethernet0.102
vlan 102
nameif dmz102
security-level 20
ip address 10.0.0.253 255.255.255.0 standby 10.0.0.254
!
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 10.1.1.206 255.255.255.0
!
interface Ethernet2
description LAN/STATE Failover Interface
speed 10
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet6
!
passwd MMMMMMMMMMMMMMMM encrypted
boot system flash:/pix721.bin
ftp mode passive
clock timezone PDT -7
dns server-group DefaultDNS
domain-name some-domain.org
object-group network outside.id12051X6282.src.net.0
network-object host 10.1.1.206
network-object host 10.1.1.207
object-group network outside.id12051X6282.src.net.1
network-object host 172.17.1.253
network-object host 172.17.1.254
network-object host 192.0.2.253
network-object host 192.0.2.254
object-group network outside.id12051X6282.src.net.2
network-object host 10.0.0.253
network-object host 10.0.0.254
access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.0 any log warnings
access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.1 any log warnings
access-list outside_in extended deny ip object-group outside.id12051X6282.src.net.2 any log warnings
access-list outside_in extended deny ip 10.1.1.0 255.255.255.0 any log warnings
access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.0 10.1.1.0 255.255.255.0 eq domain log warnings
access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.1 10.1.1.0 255.255.255.0 eq domain log warnings
access-list inside_out extended permit udp object-group outside.id12051X6282.src.net.2 10.1.1.0 255.255.255.0 eq domain log warnings
access-list inside_out extended permit ip 10.1.1.0 255.255.255.0 any
access-list inside_out extended deny ip any any log warnings
access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.0 log warnings
access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.1 log warnings
access-list inside_in extended deny ip any object-group outside.id12051X6282.src.net.2 log warnings
access-list inside_in extended permit ip 10.1.1.0 255.255.255.0 any
access-list inside_in extended deny ip any any log warnings
access-list id12251X6282.0 extended permit ip 10.1.1.0 255.255.255.0 any
access-list id3DB0F94E.0 permit tcp host 192.168.1.10 eq 25 any
access-list id3DB0F924.0 permit ip 192.168.2.0 255.255.255.0 any
access-list id3DB0F924.0 permit ip 192.168.3.0 255.255.255.0 any
pager lines 24
logging enable
logging emblem
logging trap debugging
logging history informational
logging facility 16
logging queue 10
logging device-id ipaddress inside
logging host inside 192.168.240.20
logging host inside 10.1.1.40 format emblem
logging class config buffered debugging
mtu outside 1500
mtu dmz102 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface failover Ethernet2
failover lan enable
failover key *****
failover link failover Ethernet2
failover interface ip failover 172.17.1.253 255.255.255.252 standby 172.17.1.254
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (outside) 1 22.22.22.0 netmask 255.255.255.0
global (outside) 1 22.22.22.21-22.22.22.25 netmask 255.255.255.0
nat (inside) 1 access-list id12251X6282.0
nat (dmz102) 1 access-list id3DB0F924.0 0 0
static (inside,outside) tcp interface 25 access-list id3DB0F94E.0 0 0
static (inside,dmz102) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (inside,dmz102) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
access-group outside_in in interface outside
access-group inside_in in interface inside
access-group inside_out out interface inside
route inside 192.168.10.0 255.255.255.0 10.1.1.254 1
route inside 10.1.2.0 255.255.255.0 10.1.1.201 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 2:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
username fwbtest password AAAAAAAAAAAAAAAA encrypted privilege 15
aaa authentication ssh console LOCAL
snmp-server host inside 10.1.1.180 community public
snmp-server host inside 10.1.1.30 community public
snmp-server host inside 10.1.1.40 poll community public version 2c
no snmp-server location
no snmp-server contact
snmp-server community public
crypto ipsec transform-set spde esp-des esp-sha-hmac
crypto map spdemap 21 set peer 192.0.2.254
crypto map spdemap 21 set transform-set spde
crypto isakmp identity address
crypto isakmp policy 21
authentication pre-share
encryption des
hash sha
group 1
lifetime 3600
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 192.0.2.254 type ipsec-l2l
tunnel-group 192.0.2.254 ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh scopy enable
ssh 10.1.1.0 255.255.255.0 inside
ssh 10.1.2.0 255.255.255.0 inside
ssh 192.0.2.100 255.255.255.255 outside
ssh timeout 20
console timeout 0
!
class-map custom_h323_h225_inspection
match port tcp range h323 1721
class-map custom_http_inspection
match port tcp range www 88
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ctiqbe
inspect icmp
inspect ils
inspect mgcp
inspect esmtp
class custom_h323_h225_inspection
inspect h323 h225
class custom_http_inspection
inspect http
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: end